I'm setting up collecting logs from Asterisk on FreeBSD (10.1.34.30) - to OpenBSD machine (10.145.13.22).
The remote part (Asterisk, FreeBSD) are already configured. tcpdump (run on FreeBSD) shows that logs are sent from FreeBSD machine to OpenBSD:

-u Select the historical ``insecure'' mode, in which syslogd will
accept input from the UDP port. Some software wants this, but
you can be subjected to a variety of attacks over the network,
including attackers remotely filling logs.

And:

Code:

syslogd opens an Internet domain socket as specified in /etc/services.
Normally syslogd will only use this socket to send messages outwards, but
in ``insecure'' mode it will also read messages from this socket....

Yes, I saw this option, but haven't used it, because syslog was already listening on UDP (as we see from 'netstat -f inet -nla').
On the other hand, 'ps aux | grep sysl' shows that the '-u' option is not used.

The syslog port is a low numbered port, so privilege separation is used. The checking of program options occurs after privilege separation has already completed. If "-u" is used, the variable SecureMode is set to false and the opened port then is utilized. See /usr/src/usr.sbin/syslogd/*

Last edited by jggimi; 21st August 2013 at 12:33 PM.
Reason: typo: removed "not" in the -u statement :)